CVE-2025-53367

Description

DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerability, because it does not check that the xr pointer stays within the bounds of the allocated buffer. This can lead to writes beyond the allocated memory, resulting in a heap corruption condition. An out-of-bounds read with pr is also possible for the same reason. This issue has been patched in version 3.5.29.

PUBLISHED Reserved 2025-06-27 | Published 2025-07-03 | Updated 2025-11-04 | Assigner GitHub_M

Problem types

CWE-787: Out-of-bounds Write

CWE-125: Out-of-bounds Read

Product status

References

github.blog/...exploitable-out-of-bounds-write-in-djvulibre/ exploit

lists.debian.org/debian-lts-announce/2025/07/msg00007.html

www.openwall.com/lists/oss-security/2025/07/03/1

www.openwall.com/lists/oss-security/2025/07/18/3

securitylab.github.com/advisories/GHSL-2025-055_DjVuLibre/

github.blog/...-exploitable-out-of-bounds-write-in-djvulibre

github.com/...s/DjVuLibre/MMRDecoder_scanruns_CVE-2025-53367

sourceforge.net/.../33f645196593d70bd5e37f55b63886c31c82c3da

www.openwall.com/lists/oss-security/2025/07/03/1

cve.org (CVE-2025-53367)

nvd.nist.gov (CVE-2025-53367)

Download JSON